Professional Documents
Culture Documents
Aarna Cybernetics Data Retention Policy v0.1
Aarna Cybernetics Data Retention Policy v0.1
1. Purpose..........................................................................................................................2
2. Scope.............................................................................................................................2
3. Policy Framework...........................................................................................................2
4. Risk Appetite..................................................................................................................2
5. Policy Statement.............................................................................................................2
6. Roles and Responsibilities...............................................................................................3
7. Document Review...........................................................................................................4
8. Related Documents.........................................................................................................4
9. Document Version History..............................................................................................4
1. Purpose
This policy applies the regulatory requirements in respect of data retention to our business.
2. Scope
This policy applies to all employees, contractors, volunteers, visitors, and other workers.
3. Policy Framework
This policy forms part of a set of policies designed to manage business risk and should be
considered in conjunction with the other relevant policies in the framework below:
4. Risk Appetite
4.1. We have no appetite for any non-compliance or significant customer detriment caused
by non-compliant processing of personal data.
5. Policy Statement
5.1. This policy relates to all types of data and ensures that all data which should be
retained are appropriately stored and managed.
5.2. The Data Protection Officer (DPO) is responsible for data storage and subsequent
destruction under agreed procedures.
5.3. Department heads are responsible for records relating to their departments so that-
5.5. Each stored data asset will be marked by the assigned person with:-
5.5.1. name of the record
5.5.2. record type
5.5.3. original owner of the data
5.5.4. identified retention period
5.5.5. planned date of destruction
5.5.6. Information relating to special data such as cryptography.
5.6. The DPO will ensure all data relating to the following are retained:-
5.6.1. Cryptographic keys required for access and all other means to access that
data
5.6.2. A risk assessment to ensure we do not exceed 90% of manufacturer’s
recommended storage life for storage media
5.6.3. Logs of data for disposal as part of general disposal records.
5.7. The DPO will establish a procedure for dealing with Freedom of Information requests
including how access is authorised, and how data are protected from loss, destruction
or falsification during the process.
This document will be reviewed by the at least annually, or as and when needed, if major
changes take place in the business structure, responsibilities, or regulatory framework.
8. Related Documents